FireEye Study: Evasive Malware Rises Nearly 400 Percent

Pages

A new survey released by FireEye, a Milpitas, Calif.-based company that specializes in defense against advanced targeted threats, indicates that malware that can slip through signature-based detection has nearly quadrupled in the past year. The report also names financial services, technology, healthcare and energy as the key verticals most likely to be targeted.

"The FireEye Advanced Threat Report focused on the analysis of traffic that comes in after it has been scanned by antivirus, IPS, firewall and similar security technologies," said Phil Lin, director of product marketing at FireEye. "And, when it comes to malware that can slip through the net of signature-based detection, we're looking at an increase of 392 percent in the past year alone."

Compared to the second half of 2011, the number of infections per company rose by 225 percent in the first half of 2012.

Meanwhile, the dangers posed by email-based attacks continue to escalate, with both link-based attacks and attachment-based attacks growing in number and severity. In addition, cyber criminals are more frequently leveraging customized domains that are only used for short periods of time in support of spear phishing emails.

Click image for full-sized view.

"There's a greater focus on the Web, more money in it than ever before, and more people going into cyber crime than ever before," explained Ali Mesdaq, security researcher at FireEye. "There's government involvement and all types of participation by nation-states, and a lot of similar factors that would drive up the number of attacks."

According to the report, organizations are experiencing 643 weekly Web-based attacks in which their security infrastructure is penetrated to some extent. This statistic represents a wide variety of file-based threats, but it does not include callback activities, which largely happen over the Web.

"The problem with signature-based defenses is a scaling issue," added Mesdaq. "There are so many new exploits coming out every day that the signature databases can't scale to that level. Some sort of technology development will be needed before they will be able to handle the rapid increase in volume."

The report goes on to say that attack patterns are highly variable based on vertical markets. Attacks on healthcare, for instance have apparently doubled, whereas attacks against the energy industry are up 60 percent. The financial services industry is still near the top of the food chain, although the law of large numbers is keeping the percentage increase in check.

"In healthcare, a lot of it has to do with the digitization of patient records," explained Lin. "As the use of tablets and other devices in healthcare continues to become more pervasive, this industry becomes a much more viable target."